Why complexity has become a security issue

A new ebook from ThreatDown lifts the lid on the negative effects of complexity in the security environment, and what to do about them.

The rise of “big game” ransomware since 2018 has altered the landscape of computer security considerably, increasing the complexity of security stacks and ramping up the demands on hard-pressed IT teams. The effects have been profound.

Tools like Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and next-generation firewalls offered organizations much better visibility of events on their networks. But all the information they produced had to be digested, cross-checked, and acted on by staff who were already hard-pressed.

And while thought leaders postulated about zero-trust networks, IT teams wrestled with folding ever more systems into Identity and Access Management solutions, and multi-factor authentication (MFA) rollouts.

Everything had its own implementation, configuration, training requirements, alerts, maintenance, and compliance obligations. And absolutely everything had a console demanding attention.

The effect of all this extra security was a lot of extra complexity, and it wasn’t long before the complexity started to hurt. By 2020 the cracks were beginning to show, and IBM’s annual Cyber Resilient Organization report called it out—too many tools weaken cyber resilience, it said.

The study revealed that the number of security solutions and technologies an organization used had an adverse effect on its ability to detect, prevent, contain and respond to a cybersecurity incident.

It’s not hard to see why: Complex security stacks create blind spots and false positives. They make it harder to see the big picture, gather critical information, and take action. Complexity also slows things down, and if you’re dealing with a live security threat, that’s a serious problem says Mary Arakiri, ThreatDown’s Senior Director, Information Security:

Complexity slows things down, the more complex a tool is to use, the slower it is to react … if you’re dealing with a breach, the breach is getting worse.

And the burden of all this complexity landed on IT teams with little to spare, who counted security as just one of the many hats they wear.

In April 2024, ThreatDown surveyed a group of 50 companies with 1-1,000 employees to take the temperature of life in IT. The results show clearly why IT teams are crying out for effective, hassle-free, and easy-to-manage security tools.

In our survey group, the average company had 440 devices to manage and just three IT staff. No wonder that 68% of them told us their biggest challenge is managing limited time and resources.

And those IT staff are well aware of the burden that complexity creates for them, with 78% agreeing that the more complex an IT environment is, the harder it is to secure.

They are also well aware of the specific burden of complexity in the security stack, with 64% believing the harder a security solution is to use, the less likely it is to be effective, and a huge 89% citing ease of use as a significant consideration when buying security software.

To lift the lid on the negative effects of complexity in the security stack, and what to do about it, ThreatDown has released a new ebook, The Cost of Complexty: 7 ways to improve security by doing less not more.

In the book, you’ll discover:

  • Why complexity is a security issue
  • Why ease of use is the antidote to complexity
  • How ThreatDown reduces complexity
  • What IT professionals say about ThreatDown
  • 7 ways to tackle complexity

Download the ebook